[Bug 266273] Re: Error while editiing general list information page

Cedders cedric at gn.apc.org
Tue Feb 16 20:35:28 CET 2010

It looks like a few people (eg on Sourceforge) have reported that the
suspicious HTML check is too suspicious since it was introduced in
version 2.1.9; for instance rejecting innocent META tags.  Also, it
links to http://wiki.list.org/x/jYA9 for more information, but there is
no information there about the reasons for rejection leading to
frustration for the list owner.

"The page you saved contains suspicious HTML that could potentially expose your users to cross-site scripting attacks. This change has therefore been rejected. If you still want to make these changes, you must have shell access to your Mailman server.
See FAQ 4.48."

Could either the list of "badwords" be moved to Defaults.py, or there be
an option to say that we trust list owners to edit their own HTML?

I've worked around by hacking /usr/lib/mailman/Mailman/Cgi/edithtml.py
line 162.

** Changed in: mailman
       Status: New => Confirmed

Error while editiing general list information page
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.

More information about the Mailman-coders mailing list